Docket No.: 1454.1203 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re the Application of: 

PCT National Phase of PCT/DE00/01788 

Günther HORN et al. 

Serial No. Group Art Unit: To be assigned 

Confirmation No. 

Filed: Examiner: To be assigned 

For: METHOD AND SYSTEM FOR VERIFYING THE AUTHENTICITY OF A FIRST 
COMMUNICATION PARTICIPANTS IN A COMMUNICATIONS NETWORK 

PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

Before examination of the above-identified application, please amend the application as 

follows: 

IN THE SPECIFICATION: 

Please REPLACE the specification originally filed with the enclosed Substitute 
Specification. 

IN THE CLAIMS: 

Please CANCEL claims 1-11. 

Please ADD new claims 12-30 in accordance with the following: 

12. (NEW) A method for checking the authenticity of a first communication subscriber in 
a communications network, comprising: 

forming a first fault information item in the first communication subscriber using a fault 
detection data item of the first communication subscriber and an information item relating to a 
random data item which has been transmitted to the first communication subscriber by a 
second communication subscriber in the communications network; 

transmitting the first fault information to the second communication subscriber by the 
first communication subscriber, 

forming a second fault information item in the second communication subscriber using a 
fault detection data item of the second communication subscriber and the information item 
relating to the random data item; 

checking the authenticity of the first communication subscriber in the second 
communication subscriber using the first fault information item and the second fault information 
item. 

13. (NEW) The method as claimed in claim 12, wherein a difference is determined 
between the fault detection data item of the first communication subscriber and the fault 
detection data item of the second communication subscriber. 

14. (NEW) The method as claimed in claim 13, wherein the difference is limited. 

15. (NEW) The method as claimed in claim 12, wherein the first and second 
communication subscribers are part of a mobile phone system. 

16. (NEW) The method as claimed in claim 13, wherein the first and second 
communication subscribers are part of a mobile phone system. 

17. (NEW) The method as claimed in claim 14, wherein the first and second 
communication subscribers are part of a mobile phone system. 

18. (NEW) A system for checking authenticity in a communications network, 
comprising: 

a first communication subscriber to form a first fault information using a fault 
detection data item of the first communication subscriber and an information item relating to a 
random data item which has been transmitted to the first communication subscriber, and to 
transmit the first fault information; 

a second communication subscriber to transmit the information relating to the 
random data item to the first communication subscriber, to receive the first fault information 
from the first communication subscriber, to form a second fault information using a fault 
detection data item of the second communication subscriber and the information relating to the 
random data item, and to check the authenticity of the first communication subscriber using the 
first fault information and the second fault information. 

19. (NEW) The system as claimed in claim 18, wherein the first communication 
subscriber is a service provider and the second communication subscriber is a service user in 
the communications network. 

20. (NEW) The system as claimed in claim 19, wherein the service provider is a mobile 
phone operator and the service user is a mobile phone. 

21. (NEW) The system as claimed in claim 18, wherein the fault detection data items 
are sequential numbers. 

22. (NEW) The system as claimed in claim 21, wherein the information relating to the 
random data item is a random number. 

23. (NEW) The system as claimed in claim 18, wherein the first and second 
communication subscribers are part of a mobile phone system. 

24. (NEW) The system as claimed in claim 21, wherein the first communication 
subscriber is a service provider and the second communication subscriber is a service user in 
the communications network. 

25. (NEW) The system as claimed in claim 24, wherein the service provider is a mobile 
phone operator and the service user is a mobile phone. 

26. (NEW) The system as claimed in claim 22, wherein the first communication 
subscriber is a service provider and the second communication subscriber is a service user in 
the communications network. 

27. (NEW) The system as claimed in claim 26, wherein the service provider is a mobile 
phone operator and the service user is a mobile phone. 

28. (NEW) The system as claimed in claim 19, wherein the fault detection data items 
are sequential numbers. 

29. (NEW) The system as claimed in claim 28, wherein the information relating to the 
random data item is a random number. 

30. (NEW) The system as claimed in claim 29, wherein the service provider is a mobile 
phone operator and the service user is a mobile phone. 
REMARKS 



This Preliminary Amendment is submitted to improve the form of the specification as 
originally-filed. A substitute specification and marked-up copy of the original specification are 
enclosed. No new matter is added to these documents. 

It is respectfully requested that this Preliminary Amendment be entered in the above- 
referenced application. 

If any further fees are required in connection with the filing of this Preliminary 
Amendment, please charge same to our Deposit Account No. 19-3935. 



Respectfully submitted, 



STAAS & HALSEY LLP 




Registration No. 36,162 



700 Eleventh Street, NW, Suite 500 
Washington, D.C. 20001 
(202) 434-1500 
SUBSTITUTE SPECIFICATION 

TITLE OF THE INVENTION 

METHOD AND SYSTEM FOR VERIFYING THE AUTHENTICITY OF A FIRST 
COMMUNICATION PARTICIPANTS IN A COMMUNICATIONS NETWORK 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] This application is based on and hereby claims priority to German Application No. 
199 27 271.9 filed on June 15, 1999 in Germany, and PCT Application No. PCT/DE00/01788 
filed on May 31, 2000, the contents of which are hereby incorporated by reference. 

BACKGROUND OF THE INVENTION 

[0002] The invention relates to a method and an arrangement for checking the authenticity of a 
first communication subscriber in a communications network. 

[0003] In a communications network, data is generally transmitted between communication 
subscribers, for example a service provider and a service user. In order to protect a 
communications network against penetration of an unauthorized communication subscriber into 
the communications network, the authenticity of each communication subscriber is generally 
checked. 

[0004] 3G TS 33.102 Version 3.0.0 Draft Standard, 3rd Generation Partnership Project, 
Technical Specification Group Services and System Aspects, 3G Security, Security Architecture, 
05/1999 ("the 3G reference") discloses a method and an arrangement for checking the 
authenticity of a communication subscriber, in particular of a service provider or of a service 
user in a communications network. 

[0005] The method known from the 3G reference and the corresponding arrangement are 
based on what is referred to as 3G TS 33.102 Version 3.0.0 Draft Standard, which describes a 
security architecture of a mobile phone system. 

[0006] In Fig. 4, the procedure during the checking of the authenticity of a communication 
subscriber, such as is known from the 3G reference, is illustrated symbolically and parts thereof 
will be explained below briefly. 

[0007] A transmission of data is illustrated in Fig. 4 by an arrow in each case. A direction of an 
arrow characterizes a transmission direction during a data transmission. 

[0008] Fig. 4 shows a mobile phone system 400, comprising a user 401 of a communication 
service, for example a mobile phone, and a provider 402 of a communication service. The 
provider 402 comprises a dial-in network 403 with a dial-in network operator from which the user 
401 locally requests a communication service, and a home network 404 with a home network 
operator with which the user 401 is signed on and registered. 

[0009] In addition, the user 401, the dial-in network 403 and the home network 404 each have a 
central processing unit with a memory, for example a server (central computing unit), with which 
processing unit the procedure described below is monitored and controlled and on which 
memory data is stored. 

[0010] The dial-in network 403 and the home network 404 are connected to one another via a 
data line over which digital data can be transmitted. The user 401 and the dial-in network 403 
are connected to one another via any desired transmission medium for the transmission of 
digital data. 

[0011] During a communication, the user 401 dials 410 into the dial-in network 403. At the start 
of the communication, checking of both the authenticity of the user 401 and the authenticity of 
the provider 402 is carried out. 

[0012] To do this, the dial-in network 403 requests 411 what is referred to as authentication data 
from the home network 404, with which data the authenticity of the user 401 and of the provider 
402 can be checked. 

[0013] The authentication data which is obtained from the home network 404 comprises a 
random number and a sequential number of the provider 402. The sequential number of the 
provider 402 is obtained in such a way that a counter of the provider 402 increases the 
sequential number of the provider 402 by the value 1 at each attempt at communication 
between the user 401 and the provider 402. 






[0014] It is to be noted that the random number and the sequential number of the provider 402 
only constitute part of the authentication data and are not to be understood as comprehensive. 
Further authentication data is known from the 3G reference. 

[0015] The home network 404 transmits 412 the requested authentication data to the dial-in 
network 403. The dial-in network 403 processes the received authentication data in a suitable 
way 413, and transmits the processed authentication data to the user 401. 

[0016] The user 401 checks 415 the authenticity of the provider 402 using a dedicated 
sequential number, which is handled in a way corresponding to the sequential number of the 
provider 402, and using the sequential number of the provider 402. 

[0017] The procedure during the checking of the authenticity of the provider 402 is described in 
the 3G reference. 

[0018] A result of the checking of the authenticity of provider 402, "authenticity of provider 
satisfactory" 416, "authenticity of provider satisfactory but sequential fault has occurred" 417 or 
"authenticity of provider not satisfactory" 418, is transmitted 419 from the user 401 to the 
provider 402. 

[0019] In the case of the result "authenticity of provider satisfactory" 416, the dial-in network 
403 checks 420 the authenticity of the user 401 as described in the 3G reference. 

[0020] In the case of the result "authenticity of provider not satisfactory" 418, the 
communication is interrupted and/or restarted 421. 

[0021] In the case of the result "authenticity of provider satisfactory but a sequential fault has 
occurred" 417, resynchronization takes place in such a way that the home network 404 
transmits 422 a resynchronization request to the user 401. The user responds with a 
resynchronization response in which resynchronization data is transmitted 423 to the home 
network 404. The sequential number of the provider 402 is changed 424 as a function of the 
resynchronization response. The authenticity of the user 401 is then checked, as is known from 
the 3G reference. 
[0022] The procedure described has the disadvantage that during checking of the authenticity 
of a communication subscriber, in particular during the checking of the authenticity of a service 
provider, a large amount of data has to be transmitted between the communication subscribers. 

SUMMARY OF THE INVENTION 

[0023] One aspect of the invention is thus based on simplifying and improving the known 
method and the known arrangement, to yield a simplified and improved arrangement for 
checking the authenticity of a communication subscriber in a communications network. 

[0024] In the method for checking the authenticity of a first communication subscriber in a 
communications network, a first fault information item is formed in the first communication 
subscriber using a fault detection data item of the first communication subscriber and an 
information item relating to a random data item. In a second communication subscriber in the 
communications network, a second fault information item is formed using a fault detection data 
item of the second communication subscriber and the information relating to the random data item. 

[0025] The authenticity of the first communication subscriber is checked using the first fault 
information item and the second fault information item. 

[0026] In the arrangement for checking the authenticity of a first communication subscriber in a 
communications network, the first communication subscriber is set up in such a way that a first 
fault information item can be formed using a fault detection data item of the first communication 
subscriber and an information item relating to a random data item. In addition, the arrangement 
has a second communication subscriber in the communications network which is set up in such 
a way that a second fault information item can be formed using a fault detection data item of the 
second communication subscriber and the information relating to the random data item. The 
authenticity of the first communication subscriber can be checked using the first fault information 
item and the second fault information item. 

[0027] The checking of the authenticity of a communication subscriber in a communications 
network is to be understood as meaning method steps which are carried out in the wider sense 
with checking of the authorization of a communication subscriber for access to a 
communications network or participation in communication in a communications network. 
[0028] This thus encompasses both method steps which are carried out within the scope of the 
checking of the authorization of a communication subscriber for access to a communications 
network and such method steps which are carried out within the scope of the processing or the 
administration of data which is used in the checking. 

[0029] The developments described below relate to the method and to the arrangement. 

[0030] The development described below can be implemented either using software or 
hardware, for example using a specific electrical circuit. 

[0031] In one refinement, the first communication subscriber is a service provider and/or the 
second communication subscriber is a service user in the communications network. 

[0032] A sequential number is preferably used as the fault detection data item. 

[0033] In one refinement, the information relating to the random data item is a random number. 

[0034] In one development, the checking of the authenticity is simplified by determining a 
difference between the fault detection data item of the first communication subscriber and the 
fault detection data item of the second communication subscriber. 

[0035] In one refinement, the checking of the authenticity is further improved with respect to the 
security of the communications network by limiting the difference. 

[0036] One development is preferably used within the scope of a mobile phone system. In the 
mobile phone system, the service user is implemented as a mobile phone and/or the service 
provider is implemented as a mobile phone network operator. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0037] These and other objects and advantages of the present invention will become more 
apparent and more readily appreciated from the following description of the preferred 
embodiments, taken in conjunction with the accompanying drawings of which: 

Fig. 1 shows a mobile phone system; 

Fig. 2 shows an outline in which checking of the authenticity of a communication 
subscriber is illustrated symbolically; 

Fig. 3 shows a flowchart in which individual method steps are illustrated during 
checking of the authenticity of a service provider in a communications network; and 

Fig. 4 shows an outline in which checking of the authenticity of a communication 
subscriber in accordance with the 3G TS 33.102 Version 3.0.0 Standard is illustrated 
symbolically. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0038] Reference will now be made in detail to the preferred embodiments of the present 
invention, examples of which are illustrated in the accompanying drawings, wherein like 
reference numerals refer to like elements throughout. 

Exemplary embodiment: mobile phone system 

[0039] A mobile phone system 100 is illustrated in Fig. 1. The mobile phone system 100 
comprises a mobile phone 101, a local dial-in network 102 with a dial-in network operator 103 
and a home network 104 with a home network operator 105. 

[0040] The mobile phone 101 is signed on and registered in the home network 104. 

[0041] In addition, the mobile phone 101, the dial-in network 102 and the home network 104 
each have a central processing unit 106, 107, 108 with a memory 109, 110, 111, with which 
processing units 106, 107, 108 the procedure described below is monitored and controlled, and 
on which memories 109, 110, 111 data is stored. 

[0042] The dial-in network 102 and the home network 104 are connected to one another via a 
data line 112 via which digital data can be transmitted. The mobile phone 101 and the dial-in 
network 102 are connected to one another via any desired transmission medium 113 for 
transmitting digital data. 

[0043] The procedure during the checking of the authenticity of the mobile phone 101 and the 
procedure during the checking of the authenticity of the home network 104 and/or of the home 
network operator 105 are illustrated symbolically in Fig. 2, and parts thereof will be explained 
below briefly. 
[0044] The transmission of data in Fig. 2 is illustrated in each case by an arrow. A direction of 
an arrow characterizes a transmission direction during a data transmission. 

[0045] The procedure which is described below and illustrated symbolically in Fig. 2 is based 
on what is referred to as a 3G TS 33.102 Version 3.0.0 Standard, which describes a security 
architecture of a mobile phone system and is described in the 3G reference. 

[0046] During a communication, the mobile phone 201 dials 210 into the dial-in network 203. At 
the start of the communication, checking both of the authenticity of the mobile phone 201 and of 
the authenticity of the home network 204 and/or of the home network operator takes place. 

[0047] To do this, the dial-in network 203 requests 211 authentication data from the home 
network 204, with which authentication data the authenticity of the mobile phone 201 and of the 
home network 204 and/or of the home network operator can be checked. 

[0048] The authentication data which is determined by the home network 204 comprises a 
random number and a sequential number of the home network 204 (cf. Fig. 3 step 310). The 
sequential number of the home network 204 is determined in such a way that a counter of the 
home network 204 increases the sequential number of the home network 204 by the value 1 at 
each attempt at communication between the mobile phone 201 and the home network 204. 

[0049] It is to be noted that the random number and the sequential number of the home network 
204 only constitute part of the authentication data and are not to be understood as 
comprehensive. Further authentication data is specified in the 3G reference. 

[0050] The home network 204 transmits 212 the requested authentication data to the dial-in 
network 203. The dial-in network 203 processes the received authentication data in a suitable 
way 213 and transmits the processed authentication data to the mobile phone 201. 

[0051] The mobile phone 201 checks 215 the authenticity of the home network 204 using a 
dedicated sequential number which is handled in a way corresponding to the sequential number 
of the home network 204, and using the sequential number of the home network 204. In a way 
corresponding to the home network 204, the mobile phone 201 also has a counter. 
[0052] The procedure during the checking of the authenticity of the home network 204 is 
described in the 3G reference. Method steps which differ therefrom are described below. 

[0053] What is referred to as overflow checking of the counter of the mobile phone 201 is 
carried out within the scope of the checking of the authenticity of the home network 204. This 
overflow checking prevents overflowing of an acceptable numerical range of the counter of the 
mobile phone 201. 

[0054] In the overflow checking, the following conditions are tested: 

1) sequential number of the home network 204 > sequential number of the mobile 
phone 201; 

2) sequential number of the home network 204 - sequential number of the mobile 
phone 201 < predefinable deviation (1,000,000); 

the following applying for the predefinable deviation: 

the predefinable deviation is sufficiently large to ensure, during normal or 
fault-free communications operation, that the sequential number of the home network 204 - 
sequential number of the mobile phone 201 is not > predefinable deviation; 

the maximum permissible sequential number of the mobile phone 201 / predefinable 
deviation is sufficiently large to ensure that the maximum permissible sequential number of the 
mobile phone 201 is not reached during operation. 

[0055] The result of the checking of the authenticity of the home network 204, "authenticity 
satisfactory" 216, "authenticity satisfactory but a sequential fault has occurred" 217 or 
"authenticity not satisfactory" 218 is transmitted 219 to the home network 204 from the mobile 
phone 201. 

[0056] In the case of the result "authenticity satisfactory" 216, the dial-in network 203 checks 
220 the authenticity of the mobile phone 201, as described in the 3G reference. 

[0057] In the case of the result "authenticity not satisfactory" 218, the communication is 
interrupted or restarted 221. 
[0058] In the case of the result "authenticity satisfactory but a sequential fault has occurred" 
217, resynchronization 222 takes place. Resynchronization is to be understood as a change of 
the sequential number of the home network 204. 

[0059] For this purpose, the mobile phone 201 transmits 222 resynchronization data to the 
dial-in network 203. 

[0060] The resynchronization data comprises the same random number which was transmitted 
within the scope of the authentication data, and the sequential number of the mobile phone 201 
(cf. Fig. 3 step 320). 

[0061] The dial-in network 203 processes the resynchronization data in a suitable way and 
transmits the processed resynchronization data to the home network 204. 

[0062] The home network 204 checks the sequential number of the mobile phone 201 and the 
sequential number of the home network 204 using the processed resynchronization data, and if 
appropriate changes 223 the sequential number of the home network 204 (cf. Fig. 3 step 330). 

[0063] The home network 204 subsequently transmits new authentication data, which if 
appropriate comprises the changed sequential number of the home network 204, to the dial-in 
network 203. 

[0064] In order to illustrate the described procedure, important steps 300 of the procedure are 
illustrated in Fig. 3. 

[0065] Fig. 3 shows a first step 310 within the scope of which the authentication data (first fault 
information) is determined. 

[0066] The resynchronization data (second fault information) is determined within the scope of 
a second step 320. 

[0067] The sequential number of the mobile phone and the sequential number of the home 
network are checked within the scope of a third step 330, using the resynchronization data. 
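The exchange of paragraphs [0048] to [0067], written out as an added Python example; it is not part of the application and not code from 3GPP TS 33.102. It models the home network 204 and the mobile phone 201 as two counters sharing a key, reduces the authentication data to the random number, the sequential number and a tag, and uses an HMAC-SHA256 tag under an assumed shared key in place of the functions of the 3G reference. The class and function names, the 48-bit counter range and the scenarios in demo() are assumptions made for the illustration. It produces the three results 216, 217 and 218: a normal exchange, a sequential fault followed by the resynchronization of steps 320 and 330, a replay of old authentication data, and forged authentication data.

```python
"""Model of the counter check and resynchronization of paragraphs
[0048]-[0067].  Added illustration, not code from the application or from
3GPP TS 33.102: names are mine, the authentication data is reduced to
(RAND, SQN_HE, MAC), and the MAC is an HMAC-SHA256 under an assumed shared
key K standing in for the functions of the 3G reference."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

DEVIATION = 1_000_000   # predefinable deviation of paragraph [0054]
SQN_MAX = 2**48 - 1     # assumed counter range (48 bit), cf. [0054]

OK = "authenticity satisfactory"                           # result 216
RESYNC = "authenticity satisfactory but sequential fault"  # result 217
FAIL = "authenticity not satisfactory"                     # result 218


def mac(key: bytes, rand: bytes, sqn: int) -> bytes:
    """Assumed authentication tag over RAND || SQN."""
    return hmac.new(key, rand + sqn.to_bytes(6, "big"), hashlib.sha256).digest()


def sqn_accepted(sqn_he: int, sqn_ms: int, deviation: int = DEVIATION) -> bool:
    """Conditions 1 and 2 of paragraph [0054]."""
    return sqn_he > sqn_ms and sqn_he - sqn_ms < deviation


def headroom(sqn_max: int = SQN_MAX, deviation: int = DEVIATION) -> int:
    """Deviation windows left before the counter overflows ([0054])."""
    return sqn_max // deviation


@dataclass
class HomeNetwork:
    """Home network 204: owns SQN_HE and issues the authentication data."""
    key: bytes
    sqn: int = 0
    issued: set = field(default_factory=set)   # RANDs handed out so far

    def authentication_data(self) -> tuple[bytes, int, bytes]:
        """Step 310: count up and return (RAND, SQN_HE, MAC)."""
        self.sqn += 1
        rand = secrets.token_bytes(16)
        self.issued.add(rand)
        return rand, self.sqn, mac(self.key, rand, self.sqn)

    def resynchronize(self, rand: bytes, sqn_ms: int, tag: bytes) -> bool:
        """Step 330: adopt SQN_MS only from resync data that echoes a RAND we
        issued and carries a valid tag, or anyone could wind SQN_HE back."""
        if rand not in self.issued:
            return False
        if not hmac.compare_digest(tag, mac(self.key, rand, sqn_ms)):
            return False
        self.sqn = sqn_ms
        return True


@dataclass
class MobilePhone:
    """Mobile phone 201: owns SQN_MS and runs the overflow check."""
    key: bytes
    sqn: int = 0

    def check(self, rand: bytes, sqn_he: int, tag: bytes):
        """Step 215.  Returns the result code and, on a sequential fault,
        the resynchronization data (RAND, SQN_MS, MAC) of step 320."""
        if not hmac.compare_digest(tag, mac(self.key, rand, sqn_he)):
            return FAIL, None                      # network not authentic
        if not sqn_accepted(sqn_he, self.sqn):
            return RESYNC, (rand, self.sqn, mac(self.key, rand, self.sqn))
        self.sqn = sqn_he                          # in sync: advance
        return OK, None


def authenticate(home: HomeNetwork, phone: MobilePhone) -> list[str]:
    """One dial-in; the dial-in network only relays and is omitted.
    Returns the result codes the phone reported, in order."""
    results = []
    rand, sqn_he, tag = home.authentication_data()
    result, resync = phone.check(rand, sqn_he, tag)
    results.append(result)
    if result == RESYNC and home.resynchronize(*resync):
        rand, sqn_he, tag = home.authentication_data()   # new data, [0063]
        results.append(phone.check(rand, sqn_he, tag)[0])
    return results


def demo() -> dict[str, list[str]]:
    """Constructed scenarios for the three results 216, 217 and 218."""
    k = secrets.token_bytes(16)                    # constructed shared key
    home, phone = HomeNetwork(k), MobilePhone(k)
    out = {"normal": authenticate(home, phone)}
    home.sqn += DEVIATION        # a whole window of unused data: condition 2
    out["jump"] = authenticate(home, phone)
    rand, sqn_he, tag = home.authentication_data()
    phone.check(rand, sqn_he, tag)
    out["replay"] = [phone.check(rand, sqn_he, tag)[0]]   # condition 1
    bogus = (rand, sqn_he + 1, secrets.token_bytes(32))   # forged, no key
    out["forged"] = [phone.check(*bogus)[0]]
    return out
```

Two details carry the security of the scheme and are easy to get wrong. The home network must adopt a sequential number only from resynchronization data that echoes a random number it actually issued and that carries a valid tag; otherwise anyone on the path can wind SQN_HE back and have a recorded authentication data item accepted later. The phone must verify the tag before it evaluates the two counter conditions, since a sequential fault is only meaningful for data that is authentic. In TS 33.102 the resynchronization token conceals SQN_MS and carries its own MAC-S; the bare (RAND, SQN_MS, tag) triple used here is a simplification.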

[0068] An alternative of the first exemplary embodiment is described below. 
[0069] In the alternative exemplary embodiment, a method is implemented in which the home 
network is made more reliable with respect to a data loss in the event of a system crash. 

[0070] For this purpose, the current sequential number of the home network is stored in the 
memory of the home network at a predefinable time interval. A sequential number of the home 
network which has been lost during a system crash of the home network is restored by adding a 
predefinable additional value to the value of the stored sequential number. The predefinable 
additional value is dimensioned in such a way that the restored sequential number does not 
exceed the sum of the sequential number of the mobile phone and the predefinable deviation. 

[0071] In the alternative exemplary embodiment, the predefinable additional value is 
determined in such a way that an average number of authentication attempts on one day by the 
home network, which number is determined during operation of the communications network, is 
multiplied by a factor with the value 10. 
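The restore rule of paragraphs [0070] and [0071], as an added Python example that is not code from the application. It persists the counter every `interval` increments instead of at a time interval, restates the acceptance rule of [0054] so that the block stands alone, and checks the two bounds a restored value has to satisfy. The names, the checkpoint cadence and the numbers used in simulate() are assumptions.

```python
"""Model of the crash-recovery variant of paragraphs [0069]-[0071].
Added illustration, not code from the application; the names and the
checkpoint cadence (every `interval` counts rather than a time interval)
are mine.  The acceptance rule of [0054] is restated so the block stands
alone."""
from dataclasses import dataclass

DEVIATION = 1_000_000    # predefinable deviation of paragraph [0054]


def sqn_accepted(sqn_he: int, sqn_ms: int, deviation: int = DEVIATION) -> bool:
    """Conditions 1 and 2 of paragraph [0054], as evaluated by the phone."""
    return sqn_he > sqn_ms and sqn_he - sqn_ms < deviation


def additional_value(avg_auths_per_day: int, factor: int = 10) -> int:
    """[0071]: average daily authentication attempts times a factor of 10."""
    return avg_auths_per_day * factor


@dataclass
class CheckpointedCounter:
    """SQN_HE held in volatile memory and persisted every `interval`
    increments ([0070] persists at a predefinable time interval)."""
    interval: int
    sqn: int = 0       # volatile value, lost on a crash
    stored: int = 0    # last persisted value

    def next_sqn(self) -> int:
        self.sqn += 1
        if self.sqn % self.interval == 0:
            self.stored = self.sqn
        return self.sqn

    def crash_and_restore(self, avg_auths_per_day: int) -> int:
        """Drop the volatile value and restore it from the checkpoint plus
        the additional value of [0071]."""
        self.sqn = self.stored + additional_value(avg_auths_per_day)
        return self.sqn


def restore_is_safe(last_issued: int, restored: int, sqn_ms: int,
                    deviation: int = DEVIATION) -> bool:
    """Both bounds the restored counter must meet.  It must lie beyond every
    value issued before the crash, otherwise a phone that already accepted
    those values rejects the next one under condition 1; and, per [0070],
    the next value issued must still be below SQN_MS + deviation
    (condition 2)."""
    return restored > last_issued and sqn_accepted(restored + 1, sqn_ms, deviation)


def simulate(auths_before_crash: int, avg_auths_per_day: int,
             interval: int = 1000) -> bool:
    """Run a phone in lock-step with the home network, crash, restore, and
    report whether the phone would accept the next authentication data."""
    counter = CheckpointedCounter(interval)
    sqn_ms = 0
    for _ in range(auths_before_crash):
        sqn_ms = counter.next_sqn()           # phone stays in sync
    last_issued = counter.sqn
    restored = counter.crash_and_restore(avg_auths_per_day)
    return restore_is_safe(last_issued, restored, sqn_ms)
```

The two failing runs in the test bracket the admissible additional value: it must exceed the number of authentications that can be issued between two checkpoints, or the restored counter falls behind values the phone has already accepted and every subsequent authentication ends in a sequential fault; and it must stay well below the predefinable deviation, or the restored counter itself violates condition 2 and again forces resynchronization.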

[0072] The invention has been described in detail with particular reference to preferred 
embodiments thereof and examples, but it will be understood that variations and modifications 
can be effected within the spirit and scope of the invention. 
MARKED-UP COPY OF THE ORIGINAL SPECIFICATION 

[Description] TITLE OF THE INVENTION 

METHOD AND [ARRANGEMENT] SYSTEM FOR [CHECKING] VERIFYING THE 
AUTHENTICITY OF A FIRST COMMUNICATION [SUBSCRIBER] PARTICIPANTS IN A 
COMMUNICATIONS NETWORK 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] This application is based on and hereby claims priority to German Application No. 
199 27 271.9 filed on June 15, 1999 in Germany, and PCT Application No. PCT/DE00/01788 filed on 
May 31, 2000, the contents of which are hereby incorporated by reference. 

BACKGROUND OF THE INVENTION 

[0002] The invention relates to a method and an arrangement for checking the authenticity of a 
first communication subscriber in a communications network. 

[0003] In a communications network, data is generally transmitted between communication 
subscribers, for example a service provider and a service user. In order to protect a 
communications network against penetration of an unauthorized communication subscriber into 
the communications network, the authenticity of each communication subscriber is generally 
checked. 

[0004] [Document] 3G TS 33.102 Version 3.0.0 Draft Standard, 3rd Generation Partnership 
Project, Technical Specification Group Services and System Aspects, 3G Security, Security 
Architecture, 05/1999 ("the 3G reference") discloses a method and an arrangement for checking 
the authenticity of a communication subscriber, in particular of a service provider or of a service 
user in a communications network. 

[0005] The method known from [document (1)] the 3G reference and the corresponding 
arrangement are based on what is referred to as 3G TS 33.102 Version 3.0.0 Draft Standard, 
which describes a security architecture of a mobile phone system. 
[0006] In Fig. 4, the procedure during the checking of the authenticity of a communication 
subscriber, such as is known from the [document (1)] 3G reference, is illustrated symbolically and 
parts thereof will be explained below briefly. 

[0007] A transmission of data is illustrated in Fig. 4 by an arrow in each case. A direction of an 
arrow characterizes a transmission direction during a data transmission. 

[0008] Fig. 4 shows a mobile phone system 400, comprising a user 401 of a communication 
service, for example a mobile phone, and a provider 402 of a communication service. The 
provider 402 comprises a dial-in network 403 with a dial-in network operator from which the user 
401 locally requests a communication service, and a home network 404 with a home network 
operator with which the user 401 is signed on and registered. 

[0009] In addition, the user 401, the dial-in network 403 and the home network 404 each have a 
central processing unit with a memory, for example a server (central computing unit), with which 
processing unit the procedure described below is monitored and controlled and on which 
memory data is stored. 

[0010] The dial-in network 403 and the home network 404 are connected to one another via a 
data line over which digital data can be transmitted. The user 401 and the dial-in network 403 
are connected to one another via any desired transmission medium for the transmission of 
digital data. 

[0011] During a communication, the user 401 dials 410 into the dial-in network 403. At the start 
of the communication, checking of both the authenticity of the user 401 and the authenticity of 
the provider 402 is carried out. 

[0012] To do this, the dial-in network 403 requests 411 what is referred to as authentication data 
from the home network 404, with which data the authenticity of the user 401 and of the provider 
402 can be checked. 

[0013] The authentication data which is obtained from the home network 404 comprises a 
random number and a sequential number of the provider 402. The sequential number of the 
provider 402 is obtained in such a way that a counter of the provider 402 increases the 
sequential number of the provider 402 by the value 1 at each attempt at communication 
between the user 401 and the provider 402. 

[0014] It is to be noted that the random number and the sequential number of the provider 402 
only constitute part of the authentication data and are not to be understood as comprehensive. 
Further authentication data is known from [(1)] the 3G reference. 

[0015] The home network 404 transmits 412 the requested authentication data to the dial-in 
network 403. The dial-in network 403 processes the received authentication data in a suitable 
way 413, and transmits [414] the processed authentication data to the user 401. 

[0016] The user 401 checks 415 the authenticity of the provider 402 using a dedicated 
sequential number, which is handled in a way corresponding to the sequential number of the 
provider 402, and using the sequential number of the provider 402. 

[0017] The procedure during the checking of the authenticity of the provider 402 is described in 
[(1)] the 3G reference. 

[0018] A result of the checking of the authenticity of provider 402, "authenticity of provider 
satisfactory" 416, "authenticity of provider satisfactory but sequential fault has occurred" 417 or 
"authenticity of provider not satisfactory" 418, is transmitted 419 from the user 401 to the 
provider 402. 

[0019] In the case of the result "authenticity of provider satisfactory" 416, the dial-in network 
403 checks 420 the authenticity of the user 401 as described in [(1)] the 3G reference. 

[0020] In the case of the result "authenticity of provider not satisfactory" 418, the 
communication is interrupted and/or restarted 421. 

[0021] In the case of the result "authenticity of provider satisfactory but a sequential fault has 
occurred" 417, resynchronization takes place in such a way that the home network 404 
transmits 422 a resynchronization request to the user 401. The user responds with a 
resynchronization response in which resynchronization data is transmitted 423 to the home 
network 404. The sequential number of the provider 402 is changed 424 as a function of the 
resynchronization response. The authenticity of the user 401 is then checked, as is known from 
[(1)] the 3G reference. 

[0022] The procedure described has the disadvantage that during checking of the authenticity 
of a communication subscriber, in particular during the checking of the authenticity of a service 
provider, a large amount of data has to be transmitted between the communication subscribers. 

SUMMARY OF THE INVENTION 

[0023] [The] One aspect of the invention is thus based on [the problem of disclosing a method 
which is simplified and improved in comparison with] simplifying and improving the known 
method and the known arrangement, [and a] to yield a simplified and improved arrangement for 
checking the authenticity of a communication subscriber in a communications network. [The 
problem is solved by means of the methods and by means of the arrangements having the 
features in accordance with the independent patent claims.] 

[0024] In the method for checking the authenticity of a first communication subscriber in a 
communications network, a first fault information item is formed in the first communication 
subscriber using a fault detection data item of the first communication subscriber and an 
information item relating to a random data item. In a second communication subscriber in the 
communications network, a second fault information item is formed using a fault detection 
data item of the first communication subscriber and the information relating to the random data 
item. 

[0025] The authenticity of the first communication subscriber is checked using the first fault 
information item and the second fault information item. 

[0026] In the arrangement for checking the authenticity of a first communication subscriber in a 
communications network, the first communication subscriber is set up in such a way that a first 
fault information item can be formed using a fault detection data item of the first communication 
subscriber and an information item relating to a random data item. In addition, the arrangement 
has a second communication subscriber in the communications network which is set up in such 
a way that a second fault information item can be formed using a fault detection data item of the 
second communication subscriber and the information relating to the random data item. The 
authenticity of the first communication subscriber can be checked using the first fault information 
item and the second fault information item. 

[0027] The checking of the authenticity of a communication subscriber in a communications 
network is to be understood as meaning method steps which are carried out in the wider sense 
with checking of the authorization of a communication subscriber for access to a 
communications network or participation in communication in a communications network. 

[0028] This thus encompasses both method steps which are carried out within the scope of the 
checking of the authorization of a communication subscriber for access to a communications 
network and such method steps which are carried out within the scope of the processing or the 
administration of data which is used in the checking. [Preferred developments of the invention 
are given in the dependent claims.] 

[0029] The developments described below relate to the method and to the arrangement. 

[0030] The [invention and the] development described below can be implemented either using 
software or hardware, for example using a specific electrical circuit. 

[0031] In one refinement, the first communication subscriber is a service provider and/or the 
second communication subscriber is a service user in the communications network. 

[0032] A sequential number is preferably used as the fault detection data item. 

[0033] In one refinement, the information relating to the random data item is a random number. 

[0034] In one development, the checking of the authenticity is simplified by determining a 
difference between the fault detection data item of the first communication subscriber and the 
fault detection data item of the second communication subscriber. 

[0035] In one refinement, the checking of the authenticity is further improved with respect to the 
security of the communications network by limiting the difference. 

[0036] One development is preferably used within the scope of a mobile phone system. In the 
mobile phone system, the service user is implemented as a mobile phone and/or the service 
provider is implemented as a mobile phone network operator. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0037] [An exemplary embodiment of the invention which is explained in more detail below is 
illustrated in the figures, in which figures] These and other objects and advantages of the present 
invention will become more apparent and more readily appreciated from the following 
description of the preferred embodiments, taken in conjunction with the accompanying drawings 
of which : 

[Figure] Fig. 1 shows a mobile phone system; 

[Figure] Fig. 2 shows an outline in which checking of the authenticity of a communication 
subscriber is illustrated symbolically; 

[Figure] Fig. 3 shows a flowchart in which individual method steps are illustrated during 
checking of the authenticity of a service provider in a communications network; and 

[Figure] Fig. 4 shows an outline in which checking of the authenticity of a communication 
subscriber in accordance with the 3G TS 33.102 Version 3.0.0 Standard is illustrated 
symbolically. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0038] Reference will now be made in detail to the preferred embodiments of the present 
invention, examples of which are illustrated in the accompanying drawings, wherein like 
reference numerals refer to like elements throughout. 

Exemplary embodiment: mobile phone system 

[0039] A mobile phone system 100 is illustrated in Fig. 1. The mobile phone system 100 
comprises a mobile phone 101, a local dial-in network 102 with a dial-in network operator 103 
and a home network 104 with a home network operator 105. 

[0040] The mobile phone 101 is signed on and registered in the home network 104. 

[0041] In addition, the mobile phone 101, the dial-in network 102 and the home network 104 
each have a central processing unit 106, 107, 108 with a memory 109, 110, 111, with which 
processing units 106, 107, 108 the procedure described below is monitored and controlled, and 
on which memories 109, 110, 111 data is stored. 

[0042] The dial-in network 102 and the home network 104 are connected to one another via a 
data line 112 via which digital data can be transmitted. The mobile phone 101 and the dial-in 
network 102 are connected to one another via any desired transmission medium 113 for 
transmitting digital data. 

[0043] The procedure during the checking of the authenticity of the mobile phone 101 and the 
procedure during the checking of the authenticity of the home network 104 and/or of the home 
network operator 105 are illustrated symbolically in Fig. 2, and parts thereof will be explained 
below briefly. 

[0044] The transmission of data in Fig. 2 is illustrated in each case by an arrow. A direction of 
an arrow characterizes a transmission direction during a data transmission. 

[0045] The procedure which is described below and illustrated symbolically in Fig. 2 is based on 
what is referred to as a 3G TS 33.102 Version 3.0.0 Standard, which describes a security 
architecture of a mobile phone system and is described in [(1)] the 3G reference. 

[0046] During a communication, the mobile phone 201 dials 210 into the dial-in network 203. At 
the start of the communication, checking both of the authenticity of the mobile phone 201 and of 
the authenticity of the home network 204 and/or of the home network operator takes place. 

[0047] To do this, the dial-in network 203 requests 211 authentication data from the home 
network 204, with which authentication data the authenticity of the user 201 and of the home 
network 204 and/or of the home network operator can be checked. 

[0048] The authentication data which is determined by the home network 204 comprises a 
random number and a sequential number of the home network 204 (cf. Fig. 3 step 310). The 
sequential number of the home network 204 is determined in such a way that a counter of the 
home network 204 increases the sequential number of the home network 204 by the value 1 at 
each attempt at communication between the mobile phone 201 and the home network 204. 

[0049] It is to be noted that the random number and the sequential number of the home network 
204 only constitute part of the authentication data and are not to be understood as 
comprehensive. Further authentication data is specified in [(1)] the 3G reference. 

[0050] The home network 204 transmits 212 the requested authentication data to the dial-in 
network 203. The dial-in network 203 processes the received authentication data in a suitable 
way 213 and transmits [214] the processed authentication data to the mobile phone 201. 

[0051] The mobile phone 201 checks 215 the authenticity of the home network 204 using a 
dedicated sequential number which is handled in a way corresponding to the sequential number 
of the home network 204, and using the sequential number of the home network 204. In a way 
corresponding to the home network 204, the mobile phone 201 also has a counter. 

[0052] The procedure during the checking of the authenticity of the home network 204 is 
described in [(1)] the 3G reference. Method steps which differ therefrom are described below. 

[0053] What is referred to as overflow checking of the counter of the mobile phone 201 is 
carried out within the scope of the checking of the authenticity of the home network 203. This 
overflow checking prevents overflowing of an acceptable numerical range of the counter of the 
mobile phone 201. 

[0054] In the overflow checking, the following conditions are tested: 

1) sequential number of the home network 204 > sequential number of the mobile 
phone 201; 

2) sequential number of the home network 204 - sequential number of the mobile 
phone 201 ≤ predefinable deviation (1,000,000); 

the following applying for the predefined deviation: 

the predefinable deviation is sufficiently large in order to ensure, during normal or 
fault-free communications operation, that the sequential number of the home network 204 - 
sequential number of the mobile phone 201 is not > predefinable deviation; 

the maximum permissible sequential number of the mobile phone 201 / predefinable 
deviation is sufficiently large in order to ensure that the maximum permissible sequential 
number of the mobile phone 201 is not reached during operation. 

[0055] The result of the checking of the authenticity of the home network 204, "authenticity 
satisfactory" 216, "authenticity satisfactory but a sequential fault has occurred" 217 or 
"authenticity not satisfactory" 218 is transmitted [419]219 to the home network 204 from the 
mobile phone 201. 

[0056] In the case of the result "authenticity satisfactory" 216, the dial-in network 203 checks 
220 the authenticity of the mobile phone 201, as described in [(1)] the 3G reference. 

[0057] In the case of the result "authenticity not satisfactory" 218, the communication is 
interrupted or restarted 221. 

[0058] In the case of the result "authenticity satisfactory but a sequential fault has occurred" 
217, resynchronization 222 takes place. Resynchronization is to be understood as a change of 
the sequential number of the home network 204. 

[0059] For this purpose, the mobile phone 201 transmits 222 resynchronization data to the 
dial-in network 203. 

[0060] The resynchronization data comprises the same random number which was transmitted 
within the scope of the authentication data, and the sequential number of the mobile phone 201 
(cf. Fig. 3 step 320). 

[0061] The dial-in network 203 processes the resynchronization data in a suitable way and 
transmits the processed resynchronization data to the home network 204. 

[0062] The home network 204 checks the sequential number of the mobile phone 201 and the 
sequential number of the home network 204 using the processed resynchronization data, and if 
appropriate changes 223 the sequential number of the home network 204 (cf. Fig. 3 step 330). 

[0063] The home network 204 subsequently transmits new authentication data, which if 
appropriate comprises the changed sequential number of the home network 204, to the dial-in 
network 203. 

[0064] In order to illustrate the described procedure, important steps 300 of the procedure are 
illustrated in Fig. 3. 

[0065] Fig. 3 shows a first step 310 within the scope of which the authentication data (first fault 
information) is determined. 

[0066] The resynchronization data (second fault information) is determined within the scope of 
a second step 320. 

[0067] The sequential number of the mobile phone and the sequential number of the home 
network are checked within the scope of a third step 330, using the resynchronization data. 

[0068] An alternative of the first exemplary embodiment is described below. 

[0069] In the alternative exemplary embodiment, a method is implemented in which the home 
network is made more reliable with respect to a data loss in the event of a system crash. 

[0070] For this purpose, the current sequential number of the home network is stored in the 
memory of the home network, in each case at a predefinable time interval. A sequential number 
of the home network which has been lost during a system crash of the home network is restored 
in such a way that a predefinable additional value is added to the value of the stored sequential 
number. The predefinable additional value is dimensioned in such a way that the sum of the 
sequential number of the mobile phone and the predefinable deviation is not exceeded. 

[0071] In the alternative exemplary embodiment, the predefinable additional value is 
determined in such a way that an average number of authentication attempts on one day by the 
home network, which number is determined during operation of the communications network, is 
multiplied by a factor with the value 10. 
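The sequence-number handling described in paragraphs [0054] (overflow checking), [0058] to [0063] (resynchronization) and [0070] to [0071] (restoring the counter after a system crash) can be followed in the Python model below. It is an added example and not code from the applicants or from the 3G reference; it models only the sequence-number logic stated in the text and leaves out the cryptographic checks that the text defers to the 3G reference, so the result "authenticity not satisfactory" 218 does not arise in it. Condition 2) of the overflow checking is read as "sequential number of the home network - sequential number of the mobile phone ≤ predefinable deviation", consistent with the stated purpose that the difference is not to exceed the deviation. The counter width SQN_MAX, the average of 100 authentication attempts per day, and the home network's policy of adopting the mobile phone's counter value when the resynchronization data shows the two counters outside the acceptable window are assumptions of the example.

```python
"""Sequence-number checking with resynchronization and crash recovery, modelled on
paragraphs [0054] to [0071].  Added example, not the applicants' code.  Only the
sequence-number logic stated in the text is modelled; the cryptographic checks
that the text defers to the 3G reference are left out, so the result
"authenticity not satisfactory" (218) never arises here."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from enum import Enum

DELTA = 1_000_000       # predefinable deviation, value given in the text
SQN_MAX = 2**48 - 1     # assumed maximum permissible sequential number (not on the page)
assert SQN_MAX // DELTA > 1_000   # SQN_MAX / deviation must be "sufficiently large"


class Result(Enum):
    SATISFACTORY = "authenticity satisfactory"                                   # 216
    SEQ_FAULT = "authenticity satisfactory but a sequential fault has occurred"  # 217


@dataclass
class HomeNetwork:
    """Home network 204: owns counter SQN_HN, issues (RAND, SQN_HN), handles resync."""
    sqn: int = 0
    stored_sqn: int = 0               # copy written to memory at a predefinable interval
    avg_daily_attempts: int = 100     # constructed operational statistic (assumption)
    outstanding: dict = field(default_factory=dict)   # RAND -> SQN_HN issued with it

    def issue_auth_data(self) -> tuple[bytes, int]:
        """Step 310: the counter advances by 1 per attempt; RAND is fresh per attempt."""
        self.sqn += 1
        if self.sqn > SQN_MAX:
            raise OverflowError("SQN_HN left its acceptable numerical range")
        rand = secrets.token_bytes(16)
        self.outstanding[rand] = self.sqn
        return rand, self.sqn

    def checkpoint(self) -> None:
        """Alternative embodiment: store the current SQN_HN periodically."""
        self.stored_sqn = self.sqn

    def restore_after_crash(self) -> int:
        """Restore a lost SQN_HN as stored value + additional value (10 x daily average)."""
        additional = 10 * self.avg_daily_attempts
        self.sqn = self.stored_sqn + additional
        self.outstanding.clear()      # challenges issued before the crash are lost too
        return self.sqn

    def resynchronize(self, rand: bytes, sqn_ms: int) -> bool:
        """Step 330: compare SQN_MS from the resync data with SQN_HN; change SQN_HN if needed."""
        if rand not in self.outstanding:
            return False              # RAND is not one this network issued
        del self.outstanding[rand]
        if 0 < self.sqn - sqn_ms <= DELTA:
            return False              # the phone would have accepted; nothing to change
        self.sqn = sqn_ms             # assumed policy: adopt the phone's counter value
        return True


@dataclass
class MobilePhone:
    """Mobile phone 201: keeps counter SQN_MS and performs the overflow checking."""
    sqn: int = 0

    def check(self, rand: bytes, sqn_hn: int) -> tuple[Result, tuple[bytes, int] | None]:
        """Step 215: 1) SQN_HN > SQN_MS and 2) SQN_HN - SQN_MS <= predefinable deviation."""
        if sqn_hn > self.sqn and sqn_hn - self.sqn <= DELTA:
            self.sqn = sqn_hn         # accept and advance the phone's own counter
            return Result.SATISFACTORY, None
        # Step 320: resynchronization data = the same RAND plus SQN_MS
        return Result.SEQ_FAULT, (rand, self.sqn)


def authenticate(hn: HomeNetwork, ms: MobilePhone) -> list[Result]:
    """One attempt (steps 212 to 223) with at most one resynchronization round."""
    rand, sqn_hn = hn.issue_auth_data()       # 212/214, forwarded by the dial-in network
    result, resync = ms.check(rand, sqn_hn)    # 215
    results = [result]
    if result is Result.SEQ_FAULT:
        hn.resynchronize(*resync)              # 222/223, via the dial-in network
        rand, sqn_hn = hn.issue_auth_data()    # new authentication data, changed SQN_HN
        results.append(ms.check(rand, sqn_hn)[0])
    return results


def demo() -> dict:
    """Four constructed scenarios; returns the phone's verdicts and the final counters."""
    hn, ms = HomeNetwork(), MobilePhone()
    normal = authenticate(hn, ms)
    hn.checkpoint()
    for _ in range(5):
        authenticate(hn, ms)
    restored = hn.restore_after_crash()        # stored 1 + 10 * 100 = 1001
    after_crash = authenticate(hn, ms)         # ahead of the phone, but within DELTA
    hn.sqn = 0                                 # stale backup: home network behind the phone
    stale = authenticate(hn, ms)
    hn.sqn = ms.sqn + DELTA                    # home network more than DELTA ahead
    jump = authenticate(hn, ms)
    return {"normal": normal, "restored_sqn": restored, "after_crash": after_crash,
            "stale": stale, "jump": jump, "final_sqn": (hn.sqn, ms.sqn)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the file prints the phone's verdict for each constructed scenario: a normal attempt; an attempt after the home network has restored its counter from the checkpoint plus the additional value, which the phone still accepts because the restored value lies within the deviation; a counter that has fallen behind the phone, which produces a sequential fault and then succeeds once the home network has changed its counter from the resynchronization data; and a counter that has jumped more than the deviation ahead of the phone, which is handled the same way.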

[0072] The invention has been described in detail with particular reference to preferred 
embodiments thereof and examples, but it will be understood that variations and modifications 
can be effected within the spirit and scope of the invention. [The following publication is cited in 
this document: (1) 3G TS 33.102 Version 3.0.0 Draft Standard, 3rd Generation Partnership 
Project, Technical Specification Group Services and System Aspects, 3G Security, Security 
Architecture, 05/1999.] 

Method and arrangement for checking the authenticity of a first 
communication subscriber in a communications network 

The invention relates to a method and an arrangement for checking 
the authenticity of a first communication subscriber in a 
communications network. 

In a communications network, data is generally transmitted between 
communication subscribers, for example a service provider and a 
service user. In order to protect a communications network against 
penetration of an unauthorized communication subscriber into the 
communications network, the authenticity of each communication 
subscriber is generally checked. 

Document [1] discloses a method and an arrangement for checking 
the authenticity of a communication subscriber, in particular of a 
service provider or of a service user in a communications network. 

The method known from document [1] and the corresponding 
arrangement are based on what is referred to as 3G TS 33.102 
Version 3.0.0 Draft Standard, which describes a security 
architecture of a mobile phone system. 

In Fig. 4, the procedure during the checking of the authenticity 
of a communication subscriber, such as is known from the document 
[1], is illustrated symbolically and parts thereof will be 
explained below briefly. 

A transmission of data is illustrated in Fig. 4 by an arrow in 
each case. A direction of an arrow characterizes a transmission 
direction during a data transmission. 

Fig. 4 shows a mobile phone system 400, comprising a user 401 of a 
communication service, for example a mobile phone, and a provider 
402 of a communication service. The provider 402 comprises a 
dial-in network 403 with a dial-in network operator from which the 
user 401 locally requests a communication service, and a home 
network 404 with a home network operator with which the user 401 
is signed on and registered. 

In addition, the user 401, the dial-in network 403 and the home 
network 404 each have a central processing unit with a memory, for 
example a server (central computing unit), with which processing 
unit the procedure described below is monitored and controlled and 
on which memory data is stored. 

The dial-in network 403 and the home network 404 are connected to 
one another via a data line over which digital data can be 
transmitted. The user 401 and the dial-in network 403 are 
connected to one another via any desired transmission medium for 
the transmission of digital data. 

During a communication, the user 401 dials 410 into the dial-in 
network 403. At the start of the communication, checking of both 
the authenticity of the user 401 and the authenticity of the 
provider 402 is carried out. 

To do this, the dial-in network 403 requests 411 what is referred 
to as authentication data from the home network 404, with which 
data the authenticity of the user 401 and of the provider 402 can 
be checked. 

The authentication data which is obtained from the home network 
404 comprises a random number and a sequential number of the 
provider 402. The sequential number of the provider 402 is 
obtained in such a way that a counter of the provider 402 
increases the sequential number of the provider 402 by the value 1 
at each attempt at communication between the user 401 and the 
provider 402. 

It is to be noted that the random number and the sequential number 
of the provider 402 only constitute part of the authentication 
data and are not to be understood as comprehensive. Further 
authentication data is known from [1]. 

The home network 404 transmits 412 the requested authentication 
data to the dial-in network 403. The dial-in network 403 processes 
the received authentication data in a suitable way 413, and 
transmits 414 the processed authentication data to the user 401. 



The user 401 checks 415 the authenticity of the provider 402 using 
a dedicated sequential number, which is handled in a way 
corresponding to the sequential number of the provider 402, and 
using the sequential number of the provider 402. 

The procedure during the checking of the authenticity of the 
provider 402 is described in [1]. 

A result of the checking of the authenticity of provider 402, 
"authenticity of provider satisfactory" 416, "authenticity of 
provider satisfactory but sequential fault has occurred" 417 or 
"authenticity of provider not satisfactory" 418, is transmitted 
419 from the user 401 to the provider 402. 

In the case of the result "authenticity of provider satisfactory" 
416, the dial-in network 403 checks 420 the authenticity of the 
user 401 as described in [1]. 

In the case of the result "authenticity of provider not 
satisfactory" 418, the communication is interrupted and/or 
restarted 421. 

In the case of the result "authenticity of provider satisfactory 
but a sequential fault has occurred" 417, resynchronization takes 
place in such a way that the home network 404 transmits 422 a 
resynchronization request to the user 401. The user responds with 
a resynchronization response in which resynchronization data is 
transmitted 423 to the home network 404. The sequential number of 
the provider 402 is changed 424 as a function of the 
resynchronization response. The authenticity of the user 401 is 
then checked, as is known from [1]. 

The procedure described has the disadvantage that during checking 
of the authenticity of a communication subscriber, in particular 
during the checking of the authenticity of a service provider, a 
large amount of data has to be transmitted between the 
communication subscribers. 

The invention is thus based on the problem of disclosing a method 
which is simplified and improved in comparison with the known 
method and the known arrangement, and a simplified and improved 
arrangement for checking the authenticity of a communication 
subscriber in a communications network. 

The problem is solved by means of the methods and by means of the 
arrangements having the features in accordance with the 
independent patent claims. 

In the method for checking the authenticity of a first 
communication subscriber in a communications network, a first 
fault information item is formed in the first communication 
subscriber using a fault detection data item of the first 
communication subscriber and an information item relating to a 
random data item. In a second communication subscriber in the 
communications network, a second fault information item is 
formed using a fault detection data item of the first communication 
subscriber and the information relating to the random data 
item. 

The authenticity of the first communication subscriber is checked 
using the first fault information item and the second fault 
information item. 

In the arrangement for checking the authenticity of a first 
communication subscriber in a communications network, the first 
communication subscriber is set up in such a way that a first 
fault information item can be formed using a fault detection data 
item of the first communication subscriber and an information item 
relating to a random data item. In addition, the arrangement has a 
second communication subscriber in the communications network 
which is set up in such a way that a second fault information item 
can be formed using a fault detection data item of the second 
communication subscriber and the information relating to the 
random data item. The authenticity of the first communication 
subscriber can be checked using the first fault information item 
and the second fault information item. 

The checking of the authenticity of a communication subscriber in 
a communications network is to be understood as meaning method 
steps which are carried out in the wider sense with checking of 
the authorization of a communication subscriber for access to a 
communications network or participation in communication in a 
communications network. 

This thus encompasses both method steps which are carried out 
within the scope of the checking of the authorization of a 
communication subscriber for access to a communications network 
and such method steps which are carried out within the scope of 
the processing or the administration of data which is used in the 
checking. 

Preferred developments of the invention are given in the dependent 
claims. 

The developments described below relate to the method and to the 
arrangement. 

The invention and the development described below can be 
implemented either using software or hardware, for example using a 
specific electrical circuit. 

In one refinement, the first communication subscriber is a service 
provider and/or the second communication subscriber is a service 
user in the communications network. 

A sequential number is preferably used as the fault detection data 
item. 

In one refinement, the information relating to the random data 
item is a random number. 

In one development, the checking of the authenticity is simplified 
by determining a difference between the fault detection data item 
of the first communication subscriber and the fault detection data 
item of the second communication subscriber. 

In one refinement, the checking of the authenticity is further 
improved with respect to the security of the communications 
network by limiting the difference. 



One development is preferably used within the scope of a mobile 
phone system. In the mobile phone system, the service user is 
implemented as a mobile phone and/or the service provider is 
implemented as a mobile phone network operator. 

An exemplary embodiment of the invention which is explained in 
more detail below is illustrated in the figures, in which figures: 

Figure 1 shows a mobile phone system; 

Figure 2 shows an outline in which checking of the authenticity of 
a communication subscriber is illustrated symbolically; 

Figure 3 shows a flowchart in which individual method steps are 
illustrated during checking of the authenticity of a service 
provider in a communications network; 

Figure 4 shows an outline in which checking of the authenticity of 
a communication subscriber in accordance with the 3G TS 33.102 
Version 3.0.0 Standard is illustrated symbolically. 

Exemplary embodiment: mobile phone system 

A mobile phone system 100 is illustrated in Fig. 1. The mobile 
phone system 100 comprises a mobile phone 101, a local dial-in 
network 102 with a dial-in network operator 103 and a home network 
104 with a home network operator 105. 

The mobile phone 101 is signed on and registered in the home 
network 104. 

In addition, the mobile phone 101, the dial-in network 102 and the 
home network 104 each have a central processing unit 106, 107, 108 
with a memory 109, 110, 111, with which processing units 
106, 107, 108 the procedure described below is monitored and 
controlled, and on which memories 109, 110, 111 data is stored. 



The dial-in network 102 and the home network 104 are connected to 
one another via a data line 112 via which digital data can be 
transmitted. The mobile phone 101 and the dial-in network 102 are 
connected to one another via any desired transmission medium 113 
for transmitting digital data. 

The procedure during the checking of the authenticity of the 
mobile phone 101 and the procedure during the checking of the 
authenticity of the home network 104 and/or of the home network 
operator 105 are illustrated symbolically in Fig. 2, and parts 
thereof will be explained below briefly. 

The transmission of data in Fig. 2 is illustrated in each case by 
an arrow. A direction of an arrow characterizes a transmission 
direction during a data transmission. 

The procedure which is described below and illustrated 
symbolically in Fig. 2 is based on what is referred to as a 
3G TS 33.102 Version 3.0.0 Standard, which describes a security 
architecture of a mobile phone system and is described in [1]. 

During a communication, the mobile phone 201 dials 210 into the 
dial-in network 203. At the start of the communication, checking 
both of the authenticity of the mobile phone 201 and of the 
authenticity of the home network 204 and/or of the home network 
operator takes place. 

To do this, the dial-in network 203 requests 211 authentication 
data from the home network 204, with which authentication data the 
authenticity of the user 201 and of the home network 204 and/or of 
the home network operator can be checked. 

The authentication data which is determined by the home network 
204 comprises a random number and a sequential number of the home 
network 204 (cf. Fig. 3 step 310). The sequential number of the 
home network 204 is determined in such a way that a counter of the 
home network 204 increases the sequential number of the home 
network 204 by the value 1 at each attempt at communication 
between the mobile phone 201 and the home network 204. 

It is to be noted that the random number and the sequential number 
of the home network 204 only constitute part of the authentication 
data and are not to be understood as comprehensive. Further 
authentication data is specified in [1]. 

The home network 204 transmits 212 the requested authentication 
data to the dial-in network 203. The dial-in network 203 processes 
the received authentication data in a suitable way 213 and 
transmits 214 the processed authentication data to the mobile 
phone 201. 

The mobile phone 201 checks 215 the authenticity of the home 
network 204 using a dedicated sequential number which is handled 
in a way corresponding to the sequential number of the home 
network 204, and using the sequential number of the home network 
204. In a way corresponding to the home network 204, the mobile 
phone 201 also has a counter. 

The procedure during the checking of the authenticity of the home 
network 204 is described in [1]. Method steps which differ 
therefrom are described below. 

What is referred to as overflow checking of the counter of the 
mobile phone 201 is carried out within the scope 
of the checking of the authenticity of the home network 203. This 
overflow checking prevents overflowing of an acceptable numerical 
range of the counter of the mobile phone 201. 



In the overflow checking, the following conditions are tested: 

1) sequential number of the home network 204 > sequential 
number of the mobile phone 201; 

2) sequential number of the home network 204 - sequential 
number of the mobile phone 201 ≤ predefinable 
deviation (1,000,000); 

the following applying for the predefined deviation: 

the predefinable deviation is sufficiently large in order to 
ensure, during normal or fault-free communications operation, 
that the sequential number of the home network 204 - sequential 
number of the mobile phone 201 is not > predefinable deviation; 

the maximum permissible sequential number of the mobile 
phone 201 / predefinable deviation is sufficiently large in order to 
ensure that the maximum permissible sequential number of the 
mobile phone 201 is not reached during operation. 

The result of the checking of the authenticity of the home network 204, "authenticity satisfactory" 216, "authenticity satisfactory but a sequential fault has occurred" 217 or "authenticity not satisfactory" 218, is transmitted 419 to the home network 204 from the mobile phone 201.

In the case of the result "authenticity satisfactory" 216, the dial-in network 203 checks 220 the authenticity of the mobile phone 201, as described in [1].
In the case of the result "authenticity not satisfactory" 218, the communication is interrupted or restarted 221.

In the case of the result "authenticity satisfactory but a sequential fault has occurred" 217, resynchronization 222 takes place. Resynchronization is to be understood as a change of the sequential number of the home network 204.

For this purpose, the mobile phone 201 transmits 222 resynchronization data to the dial-in network 203.



The resynchronization data comprises the same random number which was transmitted within the scope of the authentication data, and the sequential number of the mobile phone 201 (cf. Fig. 3 step 320).



The dial-in network 203 processes the resynchronization data in a suitable way and transmits the processed resynchronization data to the home network 204.

The home network checks the sequential number of the mobile phone 201 and the sequential number of the home network 204 using the processed resynchronization data, and if appropriate changes 223 the sequential number of the home network 204 (cf. Fig. 3 step 330).

The home network 204 subsequently transmits new authentication data, which if appropriate comprises the changed sequential number of the home network 204, to the dial-in network 203.



In order to illustrate the described procedure, important steps 300 of the procedure are illustrated in Fig. 3.

Fig. 3 shows a first step 310 within the scope of which the authentication data (first fault information) is determined.

The resynchronization data (second fault information) is determined within the scope of a second step 320.

The sequential number of the mobile phone and the sequential number of the home network are checked within the scope of a third step 330, using the resynchronization data.

An alternative of the first exemplary embodiment is described 
below. 

In the alternative exemplary embodiment, a method is implemented 
in which the home network is made more reliable with respect to a 
data loss in the event of a system crash. 

For this purpose, the current sequential number of the home network is stored in the memory of the home network, in each case at a predefinable time interval. A sequential number of the home network which has been lost during a system crash of the home network is restored in such a way that a predefinable additional value is added to the value of the stored sequential number. The predefinable additional value is dimensioned in such a way that the sum of the sequential number of the mobile phone and the predefinable deviation is not exceeded.

In the alternative exemplary embodiment, the predefinable additional value is determined in such a way that an average number of authentication attempts on one day by the home network, which number is determined during operation of the communications network, is multiplied by a factor with the value 10.

The following publication is cited in this document:

[1] 3G TS 33.102 Version 3.0.0 Draft Standard, 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G Security, Security Architecture, 05/1999.
Patent claims

1. A method for checking the authenticity of a first communication subscriber in a communications network,

- in which a first fault information item is formed in the first communication subscriber using a fault detection data item of the service provider and an information item relating to a random data item;

- in which a second fault information item is formed in a second communication subscriber in the communications network using a fault detection data item of the second communication subscriber and the information item relating to the random data item;

- in which the authenticity of the first communication subscriber is checked using the first fault information item and the second fault information item.

2. The method as claimed in claim 1, in which a difference is determined between the fault detection data item of the first communication subscriber and the fault detection data item of the second communication subscriber.

3. The method as claimed in claim 2, in which the difference is limited.

4. The method as claimed in one of claims 1 to 3, used within the scope of a mobile phone system.



5. An arrangement for checking the authenticity of a first communication subscriber in a communications network,

- in which the first communication subscriber is set up in such a way that a first fault information item can be formed using a fault detection data item of the first communication subscriber and an information item relating to a random data item;

- in which a second communication subscriber is set up in the communications network in such a way that a second fault information item can be formed using a fault detection data item of the second communication subscriber and the information relating to the random data item;

- in which the authenticity of the first communication subscriber can be checked using the first fault information and the second fault information.

6. The arrangement as claimed in claim 5, in which the first communication subscriber is a service provider and/or the second communication subscriber is a service user in the communications network.

7. The arrangement as claimed in claim 5 or 6, in which a fault detection data item is a sequential number.

8. The arrangement as claimed in one of claims 5 to 7, in which the information relating to the random data item is a random number.

9. The arrangement as claimed in one of claims 5 to 8, in which the first communication subscriber is a service provider in the communications network and/or the second communication subscriber is a service user in the communications network.

10. The arrangement as claimed in claim 9, in which the service provider is a mobile phone operator and/or the service user is a mobile phone.

11. The arrangement as claimed in one of claims 5 to 10, used within the scope of a mobile phone system.
Abstract

Method and arrangement for checking the authenticity of a first 
communication subscriber in a communications network 

In the method and the arrangement for checking the authenticity of 
a first communication subscriber in a communications network, a 
first fault information item is formed in the first communication 
subscriber using a fault detection data item of the first 
communication subscriber and an information item relating to a 
random data item. In a second communication subscriber in the 
communications network, a second fault information item is formed 
using a fault detection data item of the second communication 
subscriber and the information relating to the random data item. 
The authenticity of the first communication subscriber is checked 
using the first fault information and the second fault 
information. 
Patent claims

1. A method for checking the authenticity of a first communication subscriber in a communications network,

- in which a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item which has been transmitted to the first communication subscriber by a second communication subscriber in the communications network;

- in which the first fault information is transmitted to the second communication subscriber by the first communication subscriber,

- in which a second fault information item is formed in the second communication subscriber using a fault detection data item of the second communication subscriber and the information item relating to the random data item;

- in which the authenticity of the first communication subscriber is checked in the second communication subscriber using the first fault information item and the second fault information item.

2. The method as claimed in claim 1, in which a difference is determined between the fault detection data item of the first communication subscriber and the fault detection data item of the second communication subscriber.

3. The method as claimed in claim 2, in which the difference is limited.
4. The method as claimed in one of claims 1 to 3, used within the scope of a mobile phone system.

AMENDED SHEET

1999P02055WO
PCT/DEOO/01788

5. An arrangement for checking the authenticity of a first communication subscriber in a communications network,

- in which the first communication subscriber is set up in such a way that a first fault information item can be formed using a fault detection data item of the first communication subscriber and an information item relating to a random data item which has been transmitted to the first communication subscriber by a second communication subscriber in the communications network, and the first fault information item can be transmitted to the second communication subscriber;

- in which the second communication subscriber is set up in such a way that a second fault information item can be formed using a fault detection data item of the second communication subscriber and the information relating to the random data item, and the authenticity of the first communication subscriber can be checked using the first fault information and the second fault information.

6. The arrangement as claimed in claim 5, in which the first communication subscriber is a service provider and/or the second communication subscriber is a service user in the communications network.

7. The arrangement as claimed in claim 5 or 6, in which a fault detection data item is a sequential number.

8. The arrangement as claimed in one of claims 5 to 7, in which the information relating to the random data item is a random number.

9. The arrangement as claimed in one of claims 5 to 8, in which the first communication subscriber is a service provider in the communications network and/or the second communication subscriber is a service user in the communications network.

10. The arrangement as claimed in claim 9, in which the service provider is a mobile phone operator and/or the service user is a mobile phone.

11. The arrangement as claimed in one of claims 5 to 10, used within the scope of a mobile phone system.
Description

Method and arrangement for checking the authenticity of a first communication subscriber in a communications network

The invention relates to a method and an arrangement for checking the authenticity of a first communication subscriber in a communications network.

In a communications network, data is generally transmitted between 
communication subscribers, for example a service provider and a 
service user. In order to protect a communications network against 
penetration of an unauthorized communication subscriber into the 
communications network, the authenticity of each communication 
subscriber is generally checked. 

Document [1] discloses a method and an arrangement for checking the authenticity of a communication subscriber, in particular of a service provider or of a service user in a communications network.

The method known from document [1] and the corresponding arrangement are based on what is referred to as 3G TS 33.102 Version 3.0.0 Draft Standard, which describes a security architecture of a mobile phone system.

In Fig. 4, the procedure during the checking of the authenticity of a communication subscriber, such as is known from the document [1], is illustrated symbolically and parts thereof will be explained below briefly.

A transmission of data is illustrated in Fig. 4 by an arrow in each case. A direction of an arrow characterizes a transmission direction during a data transmission.

Fig. 4 shows a mobile phone system 400, comprising a user 401 of a communication service, for example a mobile phone, and a provider 402 of a communication service. The provider 402 comprises a dial-in network 403 with a dial-in network operator from which the user 401 locally requests a communication service, and a home network 404 with a home network operator with which the user 401 is signed on and registered.

In addition, the user 401, the dial-in network 403 and the home network 404 each have a central processing unit with a memory, for example a server (central computing unit), with which processing unit the procedure described below is monitored and controlled and on which memory data is stored.

The dial-in network 403 and the home network 404 are connected to one another via a data line over which digital data can be transmitted. The user 401 and the dial-in network 403 are connected to one another via any desired transmission medium for the transmission of digital data.

During a communication, the user 401 dials 410 into the dial-in 
network 403. At the start of the communication, checking of both 
the authenticity of the user 401 and the authenticity of the 
provider 402 is carried out. 

To do this, the dial-in network 403 requests 411 what is referred 
to as authentication data from the home network 404, with which 
data the authenticity of the user 401 and of the provider 402 can 
be checked. 

The authentication data which is obtained from the home network 404 comprises a random number and a sequential number of the provider 402. The sequential number of the provider 402 is obtained in such a way that a counter of the provider 402 increases the sequential number of the provider 402 by the value 1 at each attempt at communication between the user 401 and the provider 402.

It is to be noted that the random number and the sequential number of the provider 402 only constitute part of the authentication data and are not to be understood as comprehensive. Further authentication data is known from [1].

The home network 404 transmits 412 the requested authentication data to the dial-in network 403. The dial-in network 403 processes the received authentication data in a suitable way 413, and transmits 414 the processed authentication data to the user 401.

The user 401 checks 415 the authenticity of the provider 402 using a dedicated sequential number, which is handled in a way corresponding to the sequential number of the provider 402, and using the sequential number of the provider 402.

The procedure during the checking of the authenticity of the provider 402 is described in [1].

A result of the checking of the authenticity of provider 402, "authenticity of provider satisfactory" 416, "authenticity of provider satisfactory but sequential fault has occurred" 417 or "authenticity of provider not satisfactory" 418, is transmitted 419 from the user 401 to the provider 402.

In the case of the result "authenticity of provider satisfactory" 416, the dial-in network 403 checks 420 the authenticity of the user 401 as described in [1].

In the case of the result "authenticity of provider not satisfactory" 418, the communication is interrupted and/or restarted 421.

In the case of the result "authenticity of provider satisfactory but a sequential fault has occurred" 417, resynchronization takes place in such a way that the home network 404 transmits 422 a resynchronization request to the user 401. The user responds with a resynchronization response in which resynchronization data is transmitted 423 to the home network 404. The sequential number of the provider 402 is changed 424 as a function of the resynchronization response. The authenticity of the user 401 is then checked, as is known from [1].

The procedure described has the disadvantage that during checking of the authenticity of a communication subscriber, in particular during the checking of the authenticity of a service provider, a large amount of data has to be transmitted between the communication subscribers.

The invention is thus based on the problem of disclosing a method which is simplified and improved in comparison with the known method and the known arrangement, and a simplified and improved arrangement for checking the authenticity of a communication subscriber in a communications network.

The problem is solved by means of the methods and by means of the arrangements having the features in accordance with the independent patent claims.



In the method for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the first communication subscriber and the information relating to the random data item.

The authenticity of the first communication subscriber is checked using the first fault information item and the second fault information item.

In the arrangement for checking the authenticity of a first 
communication subscriber in a communications network, the first 
communication subscriber is set up in such a way that a first 
fault information item can be formed using a fault detection data 
item of the first communication subscriber and an information item 
relating to a random data item. In addition, the arrangement has a 
second communication subscriber in the communications network 
which is set up in such a way that a second fault information item 
can be formed using a fault detection data item of the second 
communication subscriber and the information relating to the 
random data item. The authenticity of the first communication 
subscriber can be checked using the first fault information item 
and the second fault information item. 

The checking of the authenticity of a communication subscriber in 
a communications network is to be understood as meaning method 
steps which are carried out in the wider sense with checking of 
the authorization of a communication subscriber for access to a 
communications network or participation in communication in a 
communications network. 

This thus encompasses both method steps which are carried out within the scope of the checking of the authorization of a communication subscriber for access to a communications network and such method steps which are carried out within the scope of the processing or the administration of data which is used in the checking.

Preferred developments of the invention are given in the dependent claims.

The developments described below relate to the method and to the arrangement.

The invention and the development described below can be 
implemented either using software or hardware, for example using a 
specific electrical circuit. 

In one refinement, the first communication subscriber is a service provider and/or the second communication subscriber is a service user in the communications network.

A sequential number is preferably used as the fault detection data item.

In one refinement, the information relating to the random data 
item is a random number. 

In one development, the checking of the authenticity is simplified by determining a difference between the fault detection data item of the first communication subscriber and the fault detection data item of the second communication subscriber.

In one refinement, the checking of the authenticity is further improved with respect to the security of the communications network by limiting the difference.

One development is preferably used within the scope of a mobile phone system. In the mobile phone system, the service user is implemented as a mobile phone and/or the service provider is implemented as a mobile phone network operator.
An exemplary embodiment of the invention which is explained in more detail below is illustrated in the figures, in which figures:



Figure 1 shows a mobile phone system; 

Figure 2 shows an outline in which checking of the authenticity of a communication subscriber is illustrated symbolically;

Figure 3 shows a flowchart in which individual method steps are illustrated during checking of the authenticity of a service provider in a communications network;

Figure 4 shows an outline in which checking of the authenticity of a communication subscriber in accordance with the 3G TS 33.102 Version 3.0.0 Standard is illustrated symbolically.



Exemplary embodiment: mobile phone system 

A mobile phone system 100 is illustrated in Fig. 1. The mobile phone system 100 comprises a mobile phone 101, a local dial-in network 102 with a dial-in network operator 103 and a home network 104 with a home network operator 105.

The mobile phone 101 is signed on and registered in the home 
network 104. 



In addition, the mobile phone 101, the dial-in network 102 and the home network 104 each have a central processing unit 106, 107, 108 with a memory 109, 110, 111, with which processing units 106, 107, 108 the procedure described below is monitored and controlled, and on which memories 109, 110, 111 data is stored.

The dial-in network 102 and the home network 104 are connected to one another via a data line 112 via which digital data can be transmitted. The mobile phone 101 and the dial-in network 102 are connected to one another via any desired transmission medium 113 for transmitting digital data.

The procedure during the checking of the authenticity of the mobile phone 101 and the procedure during the checking of the authenticity of the home network 104 and/or of the home network operator 105 are illustrated symbolically in Fig. 2, and parts thereof will be explained below briefly.

The transmission of data in Fig. 2 is illustrated in each case by 
an arrow. A direction of an arrow characterizes a transmission 
direction during a data transmission. 

The procedure which is described below and illustrated 
symbolically in Fig. 2 is based on what is referred to as a 
3G TS 33.102 Version 3.0.0 Standard, which describes a security 
architecture of a mobile phone system and is described in [1] . 

During a communication, the mobile phone 201 dials 210 into the 
dial-in network 203. At the start of the communication, checking 
both of the authenticity of the mobile phone 201 and of the 
authenticity of the home network 204 and/or of the home network 
operator takes place. 

To do this, the dial-in network 203 requests 211 authentication data from the home network 204, with which authentication data the authenticity of the user 201 and of the home network 204 and/or of the home network operator can be checked.

The authentication data which is determined by the home network 204 comprises a random number and a sequential number of the home network 204 (cf. Fig. 3 step 310). The sequential number of the home network 204 is determined in such a way that a counter of the home network 204 increases the sequential number of the home network 204 by the value 1 at each attempt at communication between the mobile phone 201 and the home network 204.

It is to be noted that the random number and the sequential number 
of the home network 204 only constitute part of the authentication 
data and are not to be understood as comprehensive. Further 
authentication data is specified in [1] . 

The home network 204 transmits 212 the requested authentication data to the dial-in network 203. The dial-in network 203 processes the received authentication data in a suitable way 213 and transmits 214 the processed authentication data to the mobile phone 201.

The mobile phone 201 checks 215 the authenticity of the home network 204 using a dedicated sequential number which is handled in a way corresponding to the sequential number of the home network 204, and using the sequential number of the home network 204. In a way corresponding to the home network 204, the mobile phone 201 also has a counter.

The procedure during the checking of the authenticity of the home network 204 is described in [1]. Method steps which differ therefrom are described below.

What is referred to as overflow checking of the counter of the mobile phone 201 is carried out within the scope of the checking of the authenticity of the home network 203. This overflow checking prevents overflowing of an acceptable numerical range of the counter of the mobile phone 201.



In the overflow checking, the following conditions are tested:

1) sequential number of the home network 204 > sequential number of the mobile phone 201;

2) sequential number of the home network 204 - sequential number of the mobile phone 201 < predefinable deviation (1,000,000);

the following applying for the predefined deviation:

- the predefinable deviation is sufficiently large in order to ensure, during normal or fault-free communications operation, that the sequential number of the home network 204 - sequential number of the mobile phone 201 is not > predefinable deviation;

- the maximum permissible sequential number of the mobile phone 201 / predefinable deviation is sufficiently large in order to ensure that the maximum permissible sequential number of the mobile phone 201 is not reached during operation.

The result of the checking of the authenticity of the home network 204, "authenticity satisfactory" 216, "authenticity satisfactory but a sequential fault has occurred" 217 or "authenticity not satisfactory" 218, is transmitted 419 to the home network 204 from the mobile phone 201.

In the case of the result "authenticity satisfactory" 216, the dial-in network 203 checks 220 the authenticity of the mobile phone 201, as described in [1].

In the case of the result "authenticity not satisfactory" 218, the communication is interrupted or restarted 221.

In the case of the result "authenticity satisfactory but a sequential fault has occurred" 217, resynchronization 222 takes place. Resynchronization is to be understood as a change of the sequential number of the home network 204.

For this purpose, the mobile phone 201 transmits 222 resynchronization data to the dial-in network 203.

The resynchronization data comprises the same random number which was transmitted within the scope of the authentication data, and the sequential number of the mobile phone 201 (cf. Fig. 3 step 320).

The dial-in network 203 processes the resynchronization data in a suitable way and transmits the processed resynchronization data to the home network 204.

The home network checks the sequential number of the mobile phone 201 and the sequential number of the home network 204 using the processed resynchronization data, and if appropriate changes 223 the sequential number of the home network 204 (cf. Fig. 3 step 330).

The home network 204 subsequently transmits new authentication data, which if appropriate comprises the changed sequential number of the home network 204, to the dial-in network 203.

In order to illustrate the described procedure, important steps 300 of the procedure are illustrated in Fig. 3.

Fig. 3 shows a first step 310 within the scope of which the authentication data (first fault information) is determined.

The resynchronization data (second fault information) is determined within the scope of a second step 320.

The sequential number of the mobile phone and the sequential 
number of the home network are checked within the scope of a third 
step 330, using the resynchronization data. 

An alternative of the first exemplary embodiment is described 
below. 

In the alternative exemplary embodiment, a method is implemented 
in which the home network is made more reliable with respect to a 
data loss in the event of a system crash. 



For this purpose, the current sequential number of the home network is stored in the memory of the home network, in each case at a predefinable time interval. A sequential number of the home network which has been lost during a system crash of the home network is restored in such a way that a predefinable additional value is added to the value of the stored sequential number. The predefinable additional value is dimensioned in such a way that the sum of the sequential number of the mobile phone and the predefinable deviation is not exceeded.

In the alternative exemplary embodiment, the predefinable additional value is determined in such a way that an average number of authentication attempts on one day by the home network, which number is determined during operation of the communications network, is multiplied by a factor with the value 10.
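As an added example (not code from the patent or from [1]), the following Python models the overflow checking of the counter, the three results 216/217/218, the resynchronization of steps 310 to 330 and the crash-recovery dimensioning of the alternative embodiment, as described in both copies of the description above. The shared key, the HMAC-based proof over random number and sequential number, the 16-byte random number and setting the home network's sequential number to the mobile phone's on resynchronization are assumptions, since the description leaves those details to [1].

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PREDEFINABLE_DEVIATION = 1_000_000   # value the description gives for the deviation

# The three results of the check, numbered 216, 217 and 218 in the description.
SATISFACTORY = "authenticity satisfactory"
SEQUENTIAL_FAULT = "authenticity satisfactory but a sequential fault has occurred"
NOT_SATISFACTORY = "authenticity not satisfactory"


def _proof(key: bytes, rand: bytes, sqn: int) -> bytes:
    # Assumption: the authenticity proof that the description delegates to [1] is modelled
    # as an HMAC over random number and sequential number under a key shared by both sides.
    return hmac.new(key, rand + sqn.to_bytes(8, "big"), hashlib.sha256).digest()


def overflow_check(sqn_hn: int, sqn_ms: int, deviation: int = PREDEFINABLE_DEVIATION) -> bool:
    """Both conditions of the overflow checking: SQN_HN > SQN_MS and SQN_HN - SQN_MS < deviation."""
    return sqn_hn > sqn_ms and sqn_hn - sqn_ms < deviation


def additional_value_admissible(stored_sqn: int, additional: int, sqn_ms: int) -> bool:
    """Dimensioning rule of the alternative embodiment: the restored counter must not exceed SQN_MS + deviation."""
    return stored_sqn + additional <= sqn_ms + PREDEFINABLE_DEVIATION


@dataclass
class HomeNetwork:
    key: bytes
    sqn: int = 0          # counter incremented at every communication attempt
    stored_sqn: int = 0   # value last written to persistent memory (alternative embodiment)
    last_rand: bytes = b""

    def authentication_data(self) -> tuple:
        """Step 310: first fault information = fresh RAND, SQN_HN and the proof over both."""
        self.sqn += 1
        self.last_rand = secrets.token_bytes(16)
        return self.last_rand, self.sqn, _proof(self.key, self.last_rand, self.sqn)

    def restore_after_crash(self, avg_daily_attempts: int) -> int:
        """Restore a lost counter: stored value plus 10 x the average daily authentication attempts."""
        self.sqn = self.stored_sqn + 10 * avg_daily_attempts
        return self.sqn

    def resynchronize(self, rand: bytes, sqn_ms: int, proof: bytes) -> bool:
        """Step 330: accept resynchronization data only if bound to the outstanding RAND with a
        valid proof, then change SQN_HN (assumption: set it to SQN_MS)."""
        if rand != self.last_rand or not hmac.compare_digest(proof, _proof(self.key, rand, sqn_ms)):
            return False
        self.sqn = sqn_ms
        return True


@dataclass
class MobilePhone:
    key: bytes
    sqn: int = 0   # dedicated counter, handled like the home network's

    def check_home_network(self, rand: bytes, sqn_hn: int, proof: bytes) -> str:
        """Step 215: verify the proof, then run the overflow checking of the counter."""
        if not hmac.compare_digest(proof, _proof(self.key, rand, sqn_hn)):
            return NOT_SATISFACTORY
        if not overflow_check(sqn_hn, self.sqn):
            return SEQUENTIAL_FAULT
        self.sqn = sqn_hn   # accepted: advance the dedicated counter
        return SATISFACTORY

    def resynchronization_data(self, rand: bytes) -> tuple:
        """Step 320: second fault information = the same RAND plus SQN_MS, with proof."""
        return rand, self.sqn, _proof(self.key, rand, self.sqn)


def run_scenario() -> list:
    """Constructed walk-through: normal exchange, replayed challenge, a crash restored from the
    stored value alone (needs resynchronization) and a crash restored with the additional value."""
    key = bytes(range(32))                                    # constructed shared key
    hn, ms = HomeNetwork(key), MobilePhone(key)
    results = []
    rand, sqn, proof = hn.authentication_data()
    results.append(ms.check_home_network(rand, sqn, proof))   # fresh challenge
    results.append(ms.check_home_network(rand, sqn, proof))   # replay: SQN_HN not > SQN_MS
    hn.stored_sqn = hn.sqn                                    # periodic store, stored_sqn = 1
    for _ in range(3):                                        # both counters advance to 4
        ms.check_home_network(*hn.authentication_data())
    hn.sqn = hn.stored_sqn                                    # crash: counter falls back to 1
    rand, sqn, proof = hn.authentication_data()               # SQN_HN = 2 while SQN_MS = 4
    results.append(ms.check_home_network(rand, sqn, proof))   # sequential fault
    resynced = hn.resynchronize(*ms.resynchronization_data(rand))
    results.append("resynchronized" if resynced else "resynchronization rejected")
    results.append(ms.check_home_network(*hn.authentication_data()))   # SQN_HN = 5 > 4
    hn.stored_sqn = hn.sqn                                    # periodic store, stored_sqn = 5
    for _ in range(3):                                        # both counters advance to 8
        ms.check_home_network(*hn.authentication_data())
    hn.restore_after_crash(avg_daily_attempts=2)              # 5 + 20 = 25 > 8, within deviation
    results.append(ms.check_home_network(*hn.authentication_data()))
    return results
```

Binding the resynchronization data to the random number of the outstanding challenge is what lets the home network reject a replayed or forged resynchronization message before it changes its counter.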

Patent claims

1. A method for checking the authenticity of a first communication subscriber in a communications network,

- in which a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item which has been transmitted to the first communication subscriber by a second communication subscriber in the communications network;

- in which the first fault information is transmitted to the second communication subscriber by the first communication subscriber,

- in which a second fault information item is formed in the second communication subscriber using a fault detection data item of the second communication subscriber and the information item relating to the random data item;

- in which the authenticity of the first communication subscriber is checked in the second communication subscriber using the first fault information item and the second fault information item.



2. The method as claimed in claim 1, in which a difference ii 
determined between the fault detection data item of th( 
first communication subscriber and the fault detection dati 
item of the second communication subscriber. 

3. The method as claimed in claim 2, in which the difference i 
limited. 
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4 . The method as claimed in one 
the scope of a mobile phone system. 

5. An arrangement for checking 
communication subscriber in 



of claims 1 to 3 , used withiA 

the authenticity of a first 
a communications network. 
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in which the first communication subscriber is set up in 
such a way that a first fault information item can be 
formed using a fault detection data item of the first 
communication subscriber and an information item relating 
to a random data item which has been transmitted to the 
first communication subscriber by a second communication 
subscriber in the communications network, and the first 
fault information item can be transmitted to the second 
communication subscriber; 

in which the second communication subscriber is set up in 
such a way that a second fault information item can be 
formed using a fault detection data item of the second 
communication subscriber and the information relating to 
the random data item, and the authenticity of the first 
communication subscriber can be checked using the first 
fault information and the second fault information. 

6. The arrangement as claimed in claim 5, in which the first 
communication subscriber is a service provider and/or the 
second communication subscriber is a service user in the 
communications network. 

7. The arrangement as claimed in claim 5 or 6, in which a fault 
detection data item is a sequential number. 

8. The arrangement as claimed in one of claims 5 to 7, in which 
the information relating to the random data item is a random 
number . 
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9 . The arrangement as claimed in one of claims 5 to 8 , in which 
the first communication subscriber is a service provider in 
the communications network and/ or the second communication 
subscriber is a service user in the communications network. 
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10. The arrangement as claimed in claim 9, in which the service 
provider is a mobile phone operator and/or the service user 
is a mobile phone. 



5 11. The arrangement as claimed in one of claims 5 to 10, used 
within the scope of a mobile phone system. 
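The exchange that claims 1 to 3 and 7 to 10 describe, as an added example and not code from the patent: the service user (second subscriber, the mobile phone) sends a random number, the service provider (first subscriber) forms a fault information item from its sequential number and that random number, and the user forms the corresponding item, checks it, determines the sequential-number difference and limits it. The claims do not say how the fault information item is computed; this example assumes an HMAC-SHA-256 over the sequential number and the random number under a pre-shared key, sent together with the sequential number, and the user recomputes the item over the received number while using its own stored number for the difference check. The key, the window `MAX_DIFF`, the message layout and all class and function names are assumptions.

```python
"""Authentication of the service provider by the service user using a sequential
number (fault detection data item) and a random number (claims 1-3, 7-10).
Added example with an assumed HMAC construction; not the patent's own code."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_DIFF = 50  # assumed limit on the sequential-number difference (claim 3)


def fault_information(key: bytes, sqn: int, rand: bytes) -> bytes:
    """Assumed construction: keyed hash over sequential number || random number."""
    return hmac.new(key, sqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()


@dataclass
class ServiceProvider:
    key: bytes
    sqn: int = 0

    def respond(self, rand: bytes) -> Tuple[int, bytes]:
        """First subscriber: advance the sequential number and form the first
        fault information item over it and the received random number."""
        self.sqn += 1
        return self.sqn, fault_information(self.key, self.sqn, rand)


@dataclass
class ServiceUser:
    key: bytes
    sqn: int = 0                       # last sequential number accepted
    last_rand: Optional[bytes] = None  # random number of the outstanding check

    def challenge(self) -> bytes:
        """Second subscriber: transmit a fresh random number to the provider."""
        self.last_rand = os.urandom(16)
        return self.last_rand

    def verify(self, provider_sqn: int, first_item: bytes) -> str:
        """Form the second fault information item and check authenticity.
        Returns 'ok' when the provider is accepted, otherwise the reason."""
        if self.last_rand is None:
            return "no outstanding challenge"
        second_item = fault_information(self.key, provider_sqn, self.last_rand)
        self.last_rand = None  # each random number serves exactly one check
        if not hmac.compare_digest(first_item, second_item):
            return "fault information mismatch"
        diff = provider_sqn - self.sqn  # claim 2: determine the difference
        if diff <= 0:
            return "replayed or stale sequential number"
        if diff > MAX_DIFF:             # claim 3: the difference is limited
            return "sequential number out of window"
        self.sqn = provider_sqn         # accept and catch up to the provider
        return "ok"


def run_exchange(provider_sqn_start: int = 0, user_sqn_start: int = 0,
                 tamper: bool = False) -> str:
    """One round trip with a constructed key; `tamper` flips a bit of the item in transit."""
    key = b"\x01" * 16  # constructed pre-shared key for the example only
    sp = ServiceProvider(key=key, sqn=provider_sqn_start)
    su = ServiceUser(key=key, sqn=user_sqn_start)
    rand = su.challenge()
    sqn, item = sp.respond(rand)
    if tamper:
        item = bytes([item[0] ^ 0x01]) + item[1:]
    return su.verify(sqn, item)


def replay_attempt() -> str:
    """A recorded (sqn, item) pair presented against a fresh random number fails,
    because the random number is bound into the fault information item."""
    key = b"\x01" * 16
    sp, su = ServiceProvider(key=key), ServiceUser(key=key)
    sqn, item = sp.respond(su.challenge())
    assert su.verify(sqn, item) == "ok"
    su.challenge()               # new random number for the next check
    return su.verify(sqn, item)  # the old item no longer matches


if __name__ == "__main__":
    print(run_exchange())                          # ok
    print(run_exchange(tamper=True))               # fault information mismatch
    print(run_exchange(user_sqn_start=5))          # replayed or stale sequential number
    print(run_exchange(provider_sqn_start=100))    # sequential number out of window
    print(replay_attempt())                        # fault information mismatch
```

The order of the checks matters for the reader: the keyed comparison comes first so that no sequential-number state is consulted or updated for an item that was not formed with the shared key, and the limited window (claim 3) is what keeps a provider that has run far ahead, for example after the crash recovery of the alternative embodiment, from being accepted blindly.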
Declaration and Power of Attorney For Patent Application
(German Language Declaration; the German text of the form is a translation of the English text reproduced below)

As a below named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below next to my name.

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled:

Method and system for verifying the authenticity of a first communication participants in a communication network
(German title: Verfahren und Anordnung zur Überprüfung einer Authentizität eines ersten Kommunikationsteilnehmers in einem Kommunikationsnetz)

the specification of which (check one)
[ ] is attached hereto.
[X] was filed on 31.05.2000 as PCT international application, PCT Application No. PCT/DE00/01788, and was amended on ________ (if applicable).

I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims, as amended by any amendment referred to above.

I acknowledge the duty to disclose information which is material to the examination of this application in accordance with Title 37, Code of Federal Regulations, §1.56(a).

I hereby claim foreign priority benefits under Title 35, United States Code, §119 of any foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which priority is claimed:
Prior foreign application(s) (priority claimed):

Number        Country   Day Month Year Filed   Priority claimed
19927271.8    DE        15.06.1999             Yes
(second and third entries of the form left blank)
I hereby claim the benefit under Title 35, United States Code, §120 of any United States application(s) listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner provided by the first paragraph of Title 35, United States Code, §112, I acknowledge the duty to disclose material information as defined in Title 37, Code of Federal Regulations, §1.56(a) which occurred between the filing date of the prior application and the national or PCT international filing date of this application.

Application Serial No.   Filing Date   Status (patented, pending, abandoned)
[not legible]            31.05.2000    pending
(second and third entries of the form left blank)

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon.
POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this application and transact all business in the Patent and Trademark Office connected therewith. (list name and registration number)

Customer No. 21171

Direct Telephone Calls to: (name and telephone number) ____________ Ext ____

Send Correspondence to:
Staas & Halsey LLP
700 Eleventh Street NW, Suite 500, Washington, DC 20001
Telephone: (001) 202 434 1500 and facsimile (001) 202 434 1501

Full name of sole or first inventor: Dr. JORGE CUELLAR
Inventor's signature: ____________   Date: ________
Residence: BAIERBRUNN, GERMANY
Citizenship: DE
Post Office Address: HOELLRIEGELSKREUTHER WEG 14, 82065 BAIERBRUNN

Full name of second joint inventor, if any: Dr. GUENTHER HORN
Second inventor's signature: ____________   Date: ________
Residence: MUENCHEN, GERMANY
Citizenship: DE
Post Office Address: EDUARD-SCHMID-STR. 16, 81541 MUENCHEN

(Third and subsequent joint inventors: none listed.)